Site Privacy issues

From: John Foust <>
Date: Fri Sep 17 08:45:02 2004

At 02:58 AM 9/17/2004, Gordon JC Pearce wrote:
>Now, if you want the server to have some idea of where a given client has come from *within your own site*, you can either fake it with hidden form fields (not always possible, but worth a try), a big long identifier in the GET request (ugly, and prone to error)

And those big long GET/PUT make it much easier for a sniffer on
your network (or along your path) to see your identifiers. :-)

I was travelling a minor auction site the other day, and noticed
that it was keeping state - including my password, in plaintext -
in its stateful URL.

- John
Received on Fri Sep 17 2004 - 08:45:02 BST

This archive was generated by hypermail 2.3.0 : Fri Oct 10 2014 - 23:37:30 BST